A Model for Peer Vulnerability Assessment
While some situations clearly require bringing in highly skilled resources to test systems, a sound basis for good security is to develop in-house expertise in vulnerability testing among the system administrators, along with an effective method of performing that testing. The challenge for this effort, then, is to combine freeware tools with a methodology for using them that effectively promotes persistent security. This paper proposes a model for ongoing assessment, performed by the system administrators, that includes testing and assessment in a non-threatening environment and provides the added value of education for those performing the assessments. We will first examine existing methods of assessment, make the case for a peer assessment, explore the goals and benefits of a peer assessment, and outline a generic assessment model.
263 (PDF, 1.64MB)
17 Dec 2001